fix(coderabbit): update CLI commands to match official docs #124
marcusquinn merged 1 commit into main from
- Change 'coderabbit review' to 'coderabbit --plain' (correct command)
- Add --prompt-only mode for AI agent integration
- Add --type flag support (all, uncommitted, committed)
- Add --base flag for branch comparison
- Replace setup_api_key with auth_login (browser-based OAuth)
- Add review_all_changes function for committed + uncommitted
- Update coderabbit.md with comprehensive CLI documentation
- Add installation, usage examples, and troubleshooting sections

Closes #t036
Walkthrough
The CodeRabbit CLI script was restructured to introduce browser-based authentication via an

Estimated code review effort: 4 (Complex), ~45 minutes. The shell script introduces multiple new functions with conditional logic for mode handling and parameter forwarding, along with refactored control flow for authentication and review operations. Cross-function dependencies require verification, and documentation accuracy against implementation needs confirmation.
Summary of Changes
Hello @marcusquinn, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the CodeRabbit CLI integration to reflect the latest official documentation, ensuring that the tool's commands and authentication methods are current and functional. It also significantly enhances the accompanying documentation, providing clearer instructions and examples for both manual use and AI agent integration, thereby improving the overall usability and maintainability of the CodeRabbit setup.
Code Quality Report
[MONITOR] Code Review Monitoring Report
[INFO] Latest Quality Status:
[INFO] Recent monitoring activity:
Current Quality Metrics
Generated on: Sun Jan 18 20:26:44 UTC 2026 by AI DevOps Framework Code Review Monitoring
Code Review
This pull request updates the CodeRabbit CLI integration to align with the latest official documentation, which is a great improvement. The shell script is updated with new commands and a browser-based authentication flow, and the documentation in coderabbit.md is now much more comprehensive.
I've found a critical security vulnerability in the shell script related to the use of eval with user-provided input, which could lead to command injection. I've provided suggestions to fix this by using arrays to build commands safely. I've also pointed out some code duplication that could be refactored for better maintainability.
Additionally, I've made a minor suggestion to improve the clarity of the installation instructions in the documentation.
Overall, these are valuable changes. Once the security issue is addressed, this will be a solid contribution.
```bash
# Build command based on mode
local cmd="coderabbit"
case "$mode" in
    "plain")
        cmd="$cmd --plain --type uncommitted"
        ;;
    "prompt-only")
        cmd="$cmd --prompt-only --type uncommitted"
        ;;
    "interactive")
        cmd="$cmd --type uncommitted"
        ;;
esac

# Add base branch if specified
if [[ -n "$base_branch" ]]; then
    cmd="$cmd --base $base_branch"
fi

print_info "Analyzing current git changes..."
if coderabbit review; then
print_info "Running: $cmd"
if eval "$cmd"; then
    print_success "Code review completed"
    return 0
else
    print_error "Code review failed"
    return 1
fi
```
Using eval with user-provided input can lead to command injection vulnerabilities. If a malicious string is passed as an argument (e.g., for base_branch), it could be executed. It's much safer to build the command and its arguments in an array and execute it directly. This also allows for proper handling of arguments with spaces or special characters.
Additionally, the case statement lacks a default branch to handle invalid mode arguments, which could lead to unexpected behavior. I've added a default case to provide a clear error message.
Here is a safer implementation using an array:
```bash
# Build command based on mode
local cmd_args=("coderabbit")
case "$mode" in
    "plain")
        cmd_args+=(--plain --type uncommitted)
        ;;
    "prompt-only")
        cmd_args+=(--prompt-only --type uncommitted)
        ;;
    "interactive")
        cmd_args+=(--type uncommitted)
        ;;
    *)
        print_error "Invalid review mode: '$mode'. Must be 'plain', 'prompt-only', or 'interactive'."
        return 1
        ;;
esac

# Add base branch if specified
if [[ -n "$base_branch" ]]; then
    cmd_args+=(--base "$base_branch")
fi

print_info "Running: ${cmd_args[*]}"
if "${cmd_args[@]}"; then
    print_success "Code review completed"
    return 0
else
    print_error "Code review failed"
    return 1
fi
```

```bash
# Build command based on mode
local cmd="coderabbit"
case "$mode" in
    "plain")
        cmd="$cmd --plain --type all"
        ;;
    "prompt-only")
        cmd="$cmd --prompt-only --type all"
        ;;
    "interactive")
        cmd="$cmd --type all"
        ;;
esac

# Add base branch if specified
if [[ -n "$base_branch" ]]; then
    cmd="$cmd --base $base_branch"
fi

print_info "Running: $cmd"
if eval "$cmd"; then
    print_success "Code review completed"
    return 0
else
    print_error "Code review failed"
    return 1
fi
```
Similar to review_changes, this function uses eval with user input, which is a security risk that can lead to command injection. It should be refactored to use an array for command arguments.
I've also noticed that review_changes and review_all_changes are nearly identical. After applying this fix, consider refactoring them into a single helper function that takes the review type (all or uncommitted) as a parameter to reduce code duplication and improve maintainability.
Here is the immediate fix for this function:
```bash
# Build command based on mode
local cmd_args=("coderabbit")
case "$mode" in
    "plain")
        cmd_args+=(--plain --type all)
        ;;
    "prompt-only")
        cmd_args+=(--prompt-only --type all)
        ;;
    "interactive")
        cmd_args+=(--type all)
        ;;
    *)
        print_error "Invalid review mode: '$mode'. Must be 'plain', 'prompt-only', or 'interactive'."
        return 1
        ;;
esac

# Add base branch if specified
if [[ -n "$base_branch" ]]; then
    cmd_args+=(--base "$base_branch")
fi

print_info "Running: ${cmd_args[*]}"
if "${cmd_args[@]}"; then
    print_success "Code review completed"
    return 0
else
    print_error "Code review failed"
    return 1
fi
```

```markdown
### **Code Quality Improvements**

# Restart shell or reload config
source ~/.zshrc
```
The instruction to source ~/.zshrc is specific to the Zsh shell. Users of other shells like Bash would need to source a different file (e.g., ~/.bashrc). To make the documentation more general and helpful for all users, it would be better to provide a more generic instruction or mention alternatives. Making this a commented-out example prevents execution errors for users on different shells.
```diff
- source ~/.zshrc
+ # e.g., source ~/.zshrc or source ~/.bashrc
```
Augment PR Summary
Summary: Updates the CodeRabbit integration to match the current official CLI behavior and improves local/PR review documentation.
Technical Notes: Review commands are now parameterized by output mode (plain/prompt-only/interactive) and optionally accept a base branch for diff comparisons.
```bash
print_info "Analyzing current git changes..."
if coderabbit review; then
print_info "Running: $cmd"
if eval "$cmd"; then
```
Running a dynamically built command via eval can introduce unintended shell interpretation/word-splitting when mode/base_branch contain spaces or shell metacharacters (also applies to review_all_changes). This is especially risky since the inputs come directly from CLI args.
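The eval and word-splitting concern raised in the review comments above, as an added example that is not part of the PR or the repository's script: the coderabbit invocation is built as an argument list, and mode, review type and base branch are each validated before the call. It uses POSIX `set --` in place of bash arrays so it also runs under plain sh; `coderabbit` is replaced by a stub that reports the arguments it received, and `valid_branch_name` is an assumed helper.

```shell
#!/bin/sh
# Added example, not code from the PR. Builds the coderabbit command without
# eval, using the positional-parameter list ("$@") as the argument array so the
# technique also works under POSIX sh, where bash arrays are unavailable.

# Stub standing in for the real CLI: first line is the argument count, then one
# argument per line, so the caller can see exactly how the shell split them.
coderabbit() {
    printf '%s\n' "$#"
    for arg in "$@"; do
        printf '%s\n' "$arg"
    done
}

# Assumed helper, not from the repository: conservative branch-name check that
# rejects empty names, names starting with '-' (the CLI would parse them as a
# flag) and anything outside [A-Za-z0-9._/-], which also excludes whitespace and
# shell metacharacters such as ';', '|', '$' and backticks.
valid_branch_name() {
    case "$1" in
        '' | -* | *[!A-Za-z0-9._/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build and run the review command for MODE, REVIEW_TYPE and optional BASE.
# Every user-supplied value is appended as its own list element, so spaces and
# metacharacters in it reach the CLI literally; nothing is re-parsed by the shell.
# Returns 2 on invalid input, otherwise the CLI's exit status.
run_review() {
    mode="$1"
    review_type="$2"
    base_branch="$3"

    case "$review_type" in
        all | committed | uncommitted) ;;
        *)
            printf 'Invalid review type: %s\n' "$review_type" >&2
            return 2
            ;;
    esac

    case "$mode" in
        plain)       set -- coderabbit --plain --type "$review_type" ;;
        prompt-only) set -- coderabbit --prompt-only --type "$review_type" ;;
        interactive) set -- coderabbit --type "$review_type" ;;
        *)
            printf 'Invalid review mode: %s\n' "$mode" >&2
            return 2
            ;;
    esac

    if [ -n "$base_branch" ]; then
        if ! valid_branch_name "$base_branch"; then
            printf 'Invalid base branch name: %s\n' "$base_branch" >&2
            return 2
        fi
        set -- "$@" --base "$base_branch"
    fi

    # Direct invocation: the list is expanded once and never re-parsed.
    "$@"
}

# The pattern the PR started with, kept only for contrast: the command is
# flattened into a string, so a branch name containing a space arrives at the
# CLI as two arguments once eval re-parses the string. Prints the argument count.
legacy_arg_count() {
    cmd="coderabbit --plain --type all --base $1"
    eval "$cmd" | head -n 1
}
```

`legacy_arg_count 'feature branch'` reports 6 arguments where `run_review plain all 'feature branch'` refuses the name outright and a valid name such as `release/2026.01` is passed through as exactly one argument.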
```markdown
- **Purpose**: AI-powered code review via CLI (local) and PR (GitHub/GitLab)
- **CLI Install**: `curl -fsSL https://cli.coderabbit.ai/install.sh | sh`
- **CLI Auth**: `coderabbit auth login` (browser-based OAuth)
- **Review uncommitted**: `coderabbit --plain` or `coderabbit --prompt-only`
```
The Quick Reference/Usage sections describe coderabbit --plain as “review uncommitted”, but the “Review Types” table says the default is --type all. Consider clarifying which behavior is correct so readers don’t accidentally review a different scope than intended.
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
.agent/scripts/coderabbit-cli.sh (2)
106-172: Shell-script auto-fix can change behavior; avoid injecting `return 0`.
The awk rewrite forces success and can mask failures, which is risky for an automated fixer. As per coding guidelines, avoid logic-altering "fixes" in automation scripts.
Safer fixer behavior:
- cp "$file" "$file.coderabbit-backup" - print_info "Created backup: $file.coderabbit-backup" + if ! cp "$file" "$file.coderabbit-backup"; then + print_error "Failed to create backup: $file.coderabbit-backup" + return 1 + fi + print_info "Created backup: $file.coderabbit-backup" @@ - if [[ "$file" == *.sh ]]; then - print_info "Applying shell script fixes..." - - # Add return statements to functions (basic implementation) - awk ' - /^[a-zA-Z_][a-zA-Z0-9_]*\(\)/ { in_function = 1; function_name = $_arg1 } - /^}$/ && in_function { - print " return 0" - print $0 - in_function = 0 - next - } - { print } - ' "$file" > "$file.tmp" && mv "$file.tmp" "$file" - - print_success "Applied shell script fixes" - fi + if [[ "$file" == *.sh ]]; then + print_warning "Shell-script auto-fixes can change behavior; skipping by default." + print_info "Review and apply shell fixes manually for $file" + fi
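Review bot: in the first hunk the backup `cp "$file" "$file.coderabbit-backup"` still runs before the `*.sh` branch that now skips the fix, so every shell script gets a `.coderabbit-backup` copy even though the file is never modified. Move the backup below the file-type check, or create it only on the paths that still edit the file, so a backup always corresponds to an actual change; the added `return 1` on a failed `cp` is otherwise the right call.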
56-104: Harden error handling for GitHub CLI and jq dependency checks to maintain automation reliability.
`jq` is used at lines 75, 79, 89 without availability verification, and `gh` command failures (lines 72, 87) are not captured. Both tools are documented dependencies (README.md:448-449, setup.sh:398), but following the codebase pattern (mainwp-helper.sh, vaultwarden-helper.sh, etc.), defensive checks align with automation script best practices.
Proposed reliability hardening:
get_coderabbit_reviews() { print_header "Fetching CodeRabbit Reviews" # Check if gh CLI is available if ! command -v gh &> /dev/null; then print_warning "GitHub CLI (gh) not found. Install it for API access." print_info "Visit: https://cli.github.com/" return 1 fi + if ! command -v jq &> /dev/null; then + print_warning "jq not found. Install it to parse GitHub API output." + return 1 + fi # Get recent PRs with CodeRabbit reviews print_info "Fetching recent pull requests with CodeRabbit reviews..." local prs - prs=$(gh pr list --state all --limit 5 --json number,title,state,url) + if ! prs=$(gh pr list --state all --limit 5 --json number,title,state,url); then + print_error "Failed to fetch pull requests via GitHub CLI" + return 1 + fi @@ - reviews=$(gh pr view "$latest_pr" --json reviews) + if ! reviews=$(gh pr view "$latest_pr" --json reviews); then + print_error "Failed to fetch reviews for PR #$latest_pr" + return 1 + fi
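Review bot: the new `jq` guard, like the `gh` guard beside it, reports with `print_warning` and `return 1`, while the `gh pr list` and `gh pr view` failure paths report with `print_error` and also `return 1`; all four abort `get_coderabbit_reviews`, so they should share one severity. A missing dependency makes the function unusable, so `print_error` (keeping the install hint in `print_info`) describes the situation more accurately and matches the other hard failures in the hunk.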
🤖 Fix all issues with AI agents
In @.agent/scripts/coderabbit-cli.sh:
- Around line 288-329: The review_changes function builds a command string and
then uses eval with unvalidated user input (mode and base_branch), which risks
command injection and can drop the required "--type uncommitted" for invalid
modes; fix it by validating the mode (accept only "plain", "prompt-only",
"interactive" and error on unknown), build the command as an array (e.g.,
cmd=(coderabbit) and append safe flags like "--plain" or "--prompt-only" and
always append "--type" "uncommitted"), conditionally append "--base"
"$base_branch" only after validating/quoting base_branch, and invoke the command
without eval using the array (e.g., "${cmd[@]}"); reference review_changes,
mode, base_branch, and cmd when making the changes.
In @.agent/tools/code-review/coderabbit.md:
- Around line 46-50: Update the "## Rate Limits" section: change the static
bullets currently showing "Free: 2 reviews/hour" and "Pro: 8 reviews/hour" to
the verified values "Free: 3 reviews/hour" and "Pro: 5 reviews/hour" (or replace
the bullets with a single line linking to the official CodeRabbit docs for
dynamic reference); locate the "## Rate Limits" header and modify the two bullet
lines beneath it accordingly in the .agent/tools/code-review/coderabbit.md file.
- Around line 21-45: Update the "Review uncommitted" CLI example which currently
lists `coderabbit --plain` to accurately show the flag for uncommitted-only
reviews by changing it to include the `--type uncommitted` option (e.g.,
`coderabbit --plain --type uncommitted`), so locate the "Review uncommitted"
bullet and replace the command text; also ensure any related explanatory line in
the "CLI Modes" or "Review Types" sections consistently references `--type
uncommitted` when describing uncommitted-only behavior.
♻️ Duplicate comments (1)
.agent/scripts/coderabbit-cli.sh (1)
331-372: Same eval/validation risk as review_changes.
Apply the same array-based invocation and mode validation here too.
```bash
# Review uncommitted changes (default mode for local development)
review_changes() {
    print_header "Reviewing current changes with CodeRabbit..."
    local mode="${1:-plain}"
    local base_branch="${2:-}"

    print_header "Reviewing uncommitted changes with CodeRabbit..."

    if ! check_cli_installed; then
        print_error "CodeRabbit CLI not installed. Run: $0 install"
        return 1
    fi

    if ! load_api_key; then
        return 1
    print_info "Analyzing uncommitted git changes..."

    # Build command based on mode
    local cmd="coderabbit"
    case "$mode" in
        "plain")
            cmd="$cmd --plain --type uncommitted"
            ;;
        "prompt-only")
            cmd="$cmd --prompt-only --type uncommitted"
            ;;
        "interactive")
            cmd="$cmd --type uncommitted"
            ;;
    esac

    # Add base branch if specified
    if [[ -n "$base_branch" ]]; then
        cmd="$cmd --base $base_branch"
    fi

    print_info "Analyzing current git changes..."
    if coderabbit review; then
    print_info "Running: $cmd"
    if eval "$cmd"; then
        print_success "Code review completed"
        return 0
    else
        print_error "Code review failed"
        return 1
    fi
    return 0
}
```
Avoid eval and validate mode to prevent injection.
User-provided mode/base are interpolated into eval, which enables command injection and can skip --type uncommitted on invalid modes. As per coding guidelines, prefer safe argument handling in shell automation.
🔒 Proposed safe invocation
- local cmd="coderabbit"
+ local -a cmd=(coderabbit)
case "$mode" in
"plain")
- cmd="$cmd --plain --type uncommitted"
+ cmd+=(--plain --type uncommitted)
;;
"prompt-only")
- cmd="$cmd --prompt-only --type uncommitted"
+ cmd+=(--prompt-only --type uncommitted)
;;
"interactive")
- cmd="$cmd --type uncommitted"
+ cmd+=(--type uncommitted)
;;
+ *)
+ print_error "Unknown mode: $mode"
+ return 1
+ ;;
esac
@@
- cmd="$cmd --base $base_branch"
+ cmd+=(--base "$base_branch")
fi
- print_info "Running: $cmd"
- if eval "$cmd"; then
+ print_info "Running: ${cmd[*]}"
+ if "${cmd[@]}"; then
Committable suggestion
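Review bot: `cmd+=(--base "$base_branch")` in the hunk above appends the user-supplied value unvalidated: a value beginning with `-` is parsed by coderabbit as an option, and a misspelt ref only fails inside the CLI. Pair it with the mode validation the `*)` case adds, e.g. `git rev-parse --verify --quiet "refs/heads/$base_branch" >/dev/null || { print_error "Unknown base branch: $base_branch"; return 1; }` immediately before the append.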
```diff
-# Review uncommitted changes (default mode for local development)
-review_changes() {
-    print_header "Reviewing current changes with CodeRabbit..."
-    local mode="${1:-plain}"
-    local base_branch="${2:-}"
-    print_header "Reviewing uncommitted changes with CodeRabbit..."
-    if ! check_cli_installed; then
-        print_error "CodeRabbit CLI not installed. Run: $0 install"
-        return 1
-    fi
-    if ! load_api_key; then
-        return 1
-    print_info "Analyzing uncommitted git changes..."
-    # Build command based on mode
-    local cmd="coderabbit"
-    case "$mode" in
-        "plain")
-            cmd="$cmd --plain --type uncommitted"
-            ;;
-        "prompt-only")
-            cmd="$cmd --prompt-only --type uncommitted"
-            ;;
-        "interactive")
-            cmd="$cmd --type uncommitted"
-            ;;
-    esac
-    # Add base branch if specified
-    if [[ -n "$base_branch" ]]; then
-        cmd="$cmd --base $base_branch"
-    fi
-    print_info "Analyzing current git changes..."
-    if coderabbit review; then
-    print_info "Running: $cmd"
-    if eval "$cmd"; then
-        print_success "Code review completed"
-        return 0
-    else
-        print_error "Code review failed"
-        return 1
-    fi
-    return 0
-}
+# Review uncommitted changes (default mode for local development)
+review_changes() {
+    local mode="${1:-plain}"
+    local base_branch="${2:-}"
+    print_header "Reviewing uncommitted changes with CodeRabbit..."
+    if ! check_cli_installed; then
+        print_error "CodeRabbit CLI not installed. Run: $0 install"
+        return 1
+    fi
+    print_info "Analyzing uncommitted git changes..."
+    # Build command based on mode
+    local -a cmd=(coderabbit)
+    case "$mode" in
+        "plain")
+            cmd+=(--plain --type uncommitted)
+            ;;
+        "prompt-only")
+            cmd+=(--prompt-only --type uncommitted)
+            ;;
+        "interactive")
+            cmd+=(--type uncommitted)
+            ;;
+        *)
+            print_error "Unknown mode: $mode"
+            return 1
+            ;;
+    esac
+    # Add base branch if specified
+    if [[ -n "$base_branch" ]]; then
+        cmd+=(--base "$base_branch")
+    fi
+    print_info "Running: ${cmd[*]}"
+    if "${cmd[@]}"; then
+        print_success "Code review completed"
+        return 0
+    else
+        print_error "Code review failed"
+        return 1
+    fi
+}
```
```markdown
- **Purpose**: AI-powered code review via CLI (local) and PR (GitHub/GitLab)
- **CLI Install**: `curl -fsSL https://cli.coderabbit.ai/install.sh | sh`
- **CLI Auth**: `coderabbit auth login` (browser-based OAuth)
- **Review uncommitted**: `coderabbit --plain` or `coderabbit --prompt-only`
- **Review all changes**: `coderabbit --plain --type all`
- **Compare branch**: `coderabbit --plain --base develop`
- **Helper script**: `~/.aidevops/agents/scripts/coderabbit-cli.sh`
- **Docs**: https://docs.coderabbit.ai/cli/overview

## CLI Modes

| Mode | Command | Use Case |
|------|---------|----------|
| Plain | `coderabbit --plain` | Scripts, AI agents, readable output |
| Prompt-only | `coderabbit --prompt-only` | AI agent integration (minimal) |
| Interactive | `coderabbit` | Manual review with TUI |

## Review Types

| Type | Flag | Description |
|------|------|-------------|
| All | `--type all` | Committed + uncommitted (default) |
| Uncommitted | `--type uncommitted` | Only working directory changes |
| Committed | `--type committed` | Only committed changes |
```
Analysis chain
Web query: CodeRabbit CLI default review type --type all --type uncommitted
Result: The CLI's --type flag accepts all, committed, or uncommitted. The default is "all" (reviews both committed and uncommitted changes). Use --type uncommitted to review only working-directory (uncommitted) changes. [1][2]
Sources:
[1] CodeRabbit CLI docs: Review local changes / CLI flags.
[2] CodeRabbit CLI docs: Review options (shows default = all).
Fix misleading CLI example for reviewing uncommitted changes.
The markdown shows coderabbit --plain as the command to review uncommitted changes, but the default behavior is --type all (both committed and uncommitted). Add the --type uncommitted flag to accurately review only working directory changes.
✏️ Recommended update
-- **Review uncommitted**: `coderabbit --plain` or `coderabbit --prompt-only`
+- **Review uncommitted**: `coderabbit --plain --type uncommitted` or `coderabbit --prompt-only --type uncommitted`
```markdown
## Rate Limits

- Free: 2 reviews/hour
- Pro: 8 reviews/hour
- Paid users get learnings-powered reviews from codebase history
```
Analysis chain
Web query: CodeRabbit CLI rate limits Free Pro plans 2024 2025
Result: Summary of CodeRabbit CLI rate limits (Free vs Pro)
- Free / Free-tier CLI: generally limited to 2–3 reviews per hour (CLI-specific entries show 3/hour in FAQ and docs; some older doc text lists 1/hour for a very limited Free CLI mode). Use-case: summary-only or basic static-analysis reviews on Free. [1][2]
- Pro (paid) CLI: 5 reviews per hour for the CLI. Paid tiers (Pro) also list higher IDE/PR limits and "unlimited" PR reviews on the web pricing page. Contact sales for custom/enterprise limits. [1][2][3]
Sources:
- CodeRabbit CLI docs: "Pricing and capabilities" / Free & Paid rate limits (CLI rate limits: Free listed; Pro: 5 reviews/hour). [docs.coderabbit.ai/cli] [1]
- CodeRabbit FAQ: "Usage Limits" table showing Reviews per hour (CLI): Free 3/hour, Trial 5/hour, OSS 1/hour, Pro 5/hour, Lite 3/hour. (FAQ reflects recent limits across plans.) [docs.coderabbit.ai/faq] [2]
- CodeRabbit Pricing page: plan descriptions (Free, Pro) and higher limits for Pro. [coderabbit.ai/pricing] [3]
Rate limit values are outdated and need correction.
Official CodeRabbit docs (CLI and FAQ) show: Free = 3 reviews/hour, Pro = 5 reviews/hour. Current documentation incorrectly lists 2 and 8. To prevent future drift, replace static numbers with a reference to official docs:
Recommended fix
- Free: 2 reviews/hour
- Pro: 8 reviews/hour
+ See [CodeRabbit rate limits](https://docs.coderabbit.ai/cli#pricing-and-capabilities) for current limits by plan
Or if static values are preferred for quick reference, update to the verified current limits (Free: 3, Pro: 5).
… (GH#3520) The eval vulnerability was already fixed in PR #436 (commit 5d4d96a) by replacing string-based command building with bash arrays. This commit completes the remaining Gemini review suggestion from PR #124 by adding a `*` default case to both review_changes() and review_all_changes() to reject invalid mode arguments with a clear error message. Without the default case, an invalid mode silently falls through the case statement and runs `coderabbit` with no mode flags, which is unexpected behavior. Closes #3520
… (GH#3520) (#4376) The eval vulnerability was already fixed in PR #436 (commit 5d4d96a) by replacing string-based command building with bash arrays. This commit completes the remaining Gemini review suggestion from PR #124 by adding a `*` default case to both review_changes() and review_all_changes() to reject invalid mode arguments with a clear error message. Without the default case, an invalid mode silently falls through the case statement and runs `coderabbit` with no mode flags, which is unexpected behavior. Closes #3520
Summary
Updates CodeRabbit CLI integration to use correct commands per official documentation.

Changes

coderabbit-cli.sh
- Before: used `coderabbit review` (incorrect). After: uses `coderabbit --plain` with proper flags.
- `coderabbit review` replaced by `coderabbit --plain`; `coderabbit --prompt-only`, `--type uncommitted` and `--base <branch>` added.
- `setup` (API key) replaced by `auth` (browser OAuth).
- New functions:
  - `review_changes()`: review uncommitted changes with mode selection
  - `review_all_changes()`: review all changes (committed + uncommitted)
  - `auth_login()`: browser-based OAuth authentication

coderabbit.md
Added comprehensive CLI documentation:

Testing

Related

Summary by CodeRabbit
New Features
- `auth` command
- `review-all` command for comprehensive reviews of all changes
Documentation